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IN THE CLAIMS 

Please amend the claims as follows: 



1 . (Currently Amended) An authentication system suitable for automatically providing 
authentication to a ulser at a client node, the user providing a user secret and requesting access to 
network resources resident at one or more server nodes in a distributed network system, said 
authentication system\comprising: 

a local application program interface for receiving the user secret, said local application 
program interface in communication with a requested network resource and the client node ; 

a cryptography service node including means for providing a common key and algorithm, 
and means for providing a client/server session key and algorithm; and 

an authentication database in communication with said local application program 
interface and with said cryptography service node, said authentication database including 
an authentication secret associated with the user; 

means for encrypting said authentication secret using said common key and 
algoritnm; and 

means for encrypting said common key using said client/server session key and 
algorithm; 

wherein the local application program interface sends an encrypted authentication secret, 

an encrypted common key, and tme session key to the client node for use with the requested 
network resource . \ 

2. (Original) The authentication s^^stem of claim 1 further comprising means for encrypting and 
decrypting said authentication secret using a secret store key and algorithm. 

3. (Original) The authentication system of claim 1 further comprising, 

a network resource identifier associated with said requested network resource; and 
a network policy associated with the user and with said network resource 
identifier. \ 
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4. (Original) The authentication system of claim 1 wherein said authentication database further 
comprises, 

a second network resource identifier associated with a second network resource; 
a second authentication secret associated with the user; and 
a second network policy associated with the user and with said second network 
resourde identifier. 

5. (Original) The authentication system of claim 4 wherein said authentication database further 
comprises means for encrypting and decrypting said second authentication secret using said 
secret store key and algorithm. 

6. (Original) The authentication system of claim 4 wherein said authentication database further 
comprises means for encrypting ajid decrypting said second authentication secret using a second 
secret store key and algorithm. 

7. (Original) The authentication sWstem of claim 1 wherein said cryptography service further 
comprises means for generating an authentication secret from the user secret. 

8. (Original) The authentication system of claim 1 wherein said common key comprises a 
symmetric key. 

9. (Currently Amended) A methotl for automatically authenticating a user at a network 
client node in a distributed network system in response to a user request for access to network 
resources resident in one or more serveryiodes, said authentication method comprising the steps 
of: 

providing a network resource ideritifier, a network resource policy, and an authentication 
secret to an authentication database, said network resource identifier associated 
with the requested network resource; 

retrieving said authentication secretlin response to said user request, said authentication 
secret associated with the user and with said network resource identifier; 
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encrypting said autnenti cation secret with a common key and algorithm; 
encrypting said coMmon key and algorithm with a client/server session key and 
algorithm; and 

providing sending siid encrypted authentication secret and said encrypted common key 
to the client Aode. 



10. (Original) The method df claim 9 further comprising the steps of: 

decrypting said encrypted common key using said client/server session key; 
decrypting said encryated authentication secret using said decrypted common key and 
algorithm; andl 

providing said decrypted authentication secret to the requested network resource. 

1 1 . (Original) The method of dlaim 9 further comprising the step of accessing said network 
resource policy prior to said steb of retrieving said authentication secret, said network resource 
policy associated with the user and with said network resource identifier. 

12. (Original) The method of clddm 9 further comprising the steps of: 

obtaining a hst of client algorithms supported by the client node; 

obtaining a list of server algorithms supported by the server node; 

comparing said list of client algorithms with said Ust of server algorithms so as to 

determine the strongest algorithm common to both said list of client algorithms 

and said list of servet algorithms; and 
using said strongest algorithm as said common key and algorithm. 



13, (Original) The method of claim 9 wherein said common key comprises a symmetric key. 



14. (Original) The method of claim 9 
negotiating the strongest comr 
using said strongest algorithm 



further comprising the steps of: 

ion algorithm between server and client node; and 

as said client/server session key and algorithm. 
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15. (New) A method for authenticating a client to a network resource, comprising: 
receiving a cHent request for a network resource; 
authenticating the cHent and creating a secure session; 
creating an authentication secret for access to the network resource; 
encrypting the authentication secret within a common key; 
encrypting the common key with a session key associated with the secure session; 



and 



transmitting to the cHent the encrypted common key, the encrypted authentication 



secret, and the sessior 



key for use in accessing the network resource. 



16. (New) The method of claim 15 further comprising, determining a strongest encryption and 
decryption algorithm Supported by the client when encrypting the authentication secret within the 
common key. 

17. (New) The methc d of claim 15 further comprising receiving, by the network resource, a 
decrypted version of the authentication secret from the client and authenticating the client for 
access to the network resource based on the decrypted authentication secret. 



18. (New) The method of claim 15 further comprising associating policies with the 
authentication secret, wherein the policies define access rights of the client to the network 



resource. 



19. (New) The method of claim 15 negotiating with the client encryption and decryption 
algorithms for use in erjcrypting the authentication secret and the common key. 



20. (New) The method of claim 15 associating the authentication secret with the client and the 
network resource and he using the association in a secret store for additional secure sessions 
established by the client 



